America’s Role in Cybersecurity
It would simply not be possible for a single private company to be able to issue warnings or advice for an entire nation. This includes dedicated server hosting providers, cloud hosting, malware & anti-virus companies, DDoS hardware vendors etc. America’s role in cybersecurity is to step in in a situation where a national threat must be announced to as many citizens as possible. No company is as large as a government agency nor likely to have the resources and infrastructure to provide such a massive alert to its citizens.
The cyberspace security response initiative started as far back as 2002 in the US as outlined in great detail in the National Strategy to Secure Cyberspace document which describes the role citizens and government play in a cyber threat or imminent attack. There are five major priorities for America’s role in cybersecurity:
- Response team.
- Threat and Vulnerability Reduction Program.
- Awareness and Training Program.
- Securing Government’s Cyberspace.
- National and International Cyberspace Security Cooperation.
- Rapid identification, exchange of information and remediation is a first priority where hosting providers, hardware, and software vendors can coordinate response efforts. Informing a company’s clients of a security threat and minimizing the damage is paramount to stifling a potential, crippling attack. Is your business kept apprised of attacks or security breaches via electronic notifications from your government? Is it in real-time?
- Threats and vulnerabilities can be minimized via local law enforcement, improving Internet protocol, reducing software vulnerabilities, physical security of cyber systems and telecommunications, and ensuring emerging technology is secure.
- Dedicated server providers generally should be able to keep their clients as well as their employees, informed of creditable cybersecurity trends and keep them updated on maintaining good practices. One targeted dedicated server can affect several clients and domains in one swoop.
- If a government cannot keep its own systems secure, it sets a paltry example for the rest of the nation. Especially since governments run basic critical services that are increasingly “online” such as public health, emergency services, broadcast systems, information and telecommunications, public transportation, banking and financial services, as well as the postal system.
- Cyber attacks can quickly and readily reach across borders resulting in finding the source of the malicious activity difficult. This requires international cooperation between all dedicated server hosting providers and governments via dialogue and partnerships resulting in a culture of cybersecurity.
As far back as 2001, the ILOVEYOU worm was one of the first viruses to spread around the globe at extremely rapid speeds and considered to be the most destructive worms ever. Followed by Code Red worm, Code Red II and the Nimda worm it became clear that the speed in which malicious code could spread to computers worldwide was a threat. If there is not a collaboration between dedicated server hosting companies and government, it will become increasingly difficult to at least minimize the damage these worms and viruses can cause and to eventually stop the spread of cyber attacks.
A good resource for staying updated on basic but important current cyber events or threats is here: http://www.us-cert.gov/alerts-and-tips/
America’s role in cybersecurity is and should not be to try and secure computer networks run by financial institutions, energy companies, communication services, dedicated server hosting companies or general web hosting providers, and health services etc. It should be the responsibility of individuals and companies to secure their day to day operations. The main priority should be to prevent attacks from causing damage in the first place, not to simply deal with the symptoms of security breaches or malicious code.
This can be done in several ways, but the main advantage America’s role in cybersecurity has in preventing attacks, are cybercrime laws that are clear and strongly enforced. According to the US Justice Department’s Computer Crime and Intellectual Property Section and the FBI’s Cyber Division, most, if not all, all cyber-based attacks are crimes. This should be clearly stated on a hosting provider’s (or any company for that matter), web page(s) or order page(s) that fraud and cyber attacks are deemed crimes and punishable by law. If cybercrime is not reported, the perpetrators can simply continue to engage in their criminal activities without consequences leaving them to inflict damage on unsuspecting and unprepared companies.
Competitors can still remain competitive while protecting and helping each other’s businesses.
It should be noted here that various cyber crimes can also occur within institutions of higher learning or in a company’s network, software, hardware and servers. This can simply be for personal gain, sabotage or from a disgruntled employee. This can be minimized by limiting access to control of an entire system by segregating duties, securing and monitoring access such as with software or various means of surveillance.
Our dependence and reliance on cyberspace will only escalate in the years ahead. Uptime and security are becoming more and more vital and there is an ever-increasing market for cybersecurity. It is, therefore, vital that government becomes a major resource in combating cyber attacks. It is important that there is a concerted effort between companies and government in order to keep ahead of ongoing and evolving threats, either from individuals, groups or even nations. As the government has a responsibility to combat threats, so should every networked and Internet-connected entity have a sense of their own responsibility.